Customer Service

Identity Theft

The crime of identity theft often includes unauthorized use of credit or debit cards, but can entail considerably more invasive acts for the victim than that. Called the crime of the new millennium and being well-publicized in the media, identity theft has been increasing over the last few years. The Federal Trade Commission has called it the fastest growing crime in the country. There are several possible reasons for its growth. The rise of the Internet and availability of personal information on the Internet appears to be a factor, although some methods of identity theft do not involve the Internet. One factor is the rapid granting of credit when presented with an application and the lack of verification that all information on the application is true and that the person presenting the application is the person whose information is on the application. Another is the proliferation of personal information collected by various institutions and business and the lack of security in some of those systems.

Identity theft can be divided into two forms: financial and non-financial. Both forms involve the stealing of a person’s personal information (name, address, Social Security number, credit or debit cards, checking account numbers, passwords) and using that to obtain something in the victim’s name. In financial identity theft, the thief may open a checking account, get access to existing accounts, obtain a credit card or other line of credit, or declare bankruptcy in the victim’s name. They may then empty existing accounts, write checks with insufficient funds and charge purchases on the credit cards. Sometimes the victim finds out about the theft when his or her credit card shows unauthorized purchases or when a bill is received for a credit card the victim doesn’t have. However, if the thief applied for a credit card or checking account in the victim’s name but gave his or her address, it may be several months before the victim finds out, sometimes when they apply for more credit and are turned down because the credit report shows a default on a credit card. Inventive thieves have used personal information to create fake tax returns and W-2 forms and then got loans in anticipation of the refund. The victim discovers the fraud when he or she files the tax return.

Thieves committing non-financial identity theft use the personal information to obtain telephone services and equipment, rent apartments, get a job and avoid the consequences of crime. In reverse record identity theft, the thief uses someone else’s identity to apply for a job because he or she has been convicted of a crime or has some other fact that he or she wants to conceal that fact from an employer. In criminal record identity theft, a person who has stolen the personal information from another commits other crimes but gives the victim’s name and other information when caught or questioned. If he or she fails to appear at a court hearing, it is the victim who is contacted and possibly arrested for crimes he or she did not commit.

Both forms of identity theft may have devastating consequences for the victim. Financial theft victims often spent significant amounts of time and money restoring their credit, sometimes successfully. Victims of non-financial theft may find themselves sought by law enforcement officers for crimes they did not commit. Sometimes the victim has to deal with both forms, as the thief made several purchases in his or her name and committed other crimes and is wanted by law enforcement authorities. In one such case, the victim was an executive in Washington D.C. who initially found that someone using his name had opened several credit card accounts and had been making a large number of purchases. He discovered this when he applied for a credit limit increase on his Platinum MasterCard and was denied because the report showed he had opened several other accounts. While the victim attempted to correct his credit reports, more cards and purchases kept showing up. In the meantime, the person who had appropriated the victim’s name was charged with murder using the stolen name as an alias and the case was reported on the television show America’s Most Wanted. The thief was arrested, but four months later (and a year and a half after the initial discovery of the problem) the victim was still working to remove the unauthorized purchases from his credit report. It was never proven how the thief got the victim’s personal information, although it appears likely he bought it from an identity trafficker.

There are several methods that thieves use to collect the information necessary to steal a person’s identity. On the low-technology end of the scale, there is the outright theft of a wallet or purse, which yields the actual credit and debit cards, usually along with other useful information. Less directly, a thief may remove mail from a person’s mailbox and look for pre-approved credit applications (which he or she can fill out and have the card sent to a different address), bank statements or credit card bills (which he or she can use to obtain the credit card number and asked to have forwarded to a different address). In some cases, the thief has all the victim’s mail forwarded so he or she can gather necessary personal information. However, the U.S. Postal Service recently instituted a policy that renders this technique more difficult. Whenever a change of address card is filed, the Postal Services sends a postcard to both addresses, asking them to call a toll free number to verify that they have requested a change.

Another effective (if less sanitary) way of obtaining personal information is “dumpster diving:” retrieving discarded mail from trash bins. So many people throw out credit card bills, solicitations for credit cards and other pieces of mail containing personal information that thieves have found in dumpsters and recycling bins in affluent neighborhoods or near businesses. For example, banks, hospitals and accounting firms are an excellent source of material. With some basic information (retrieved from a dumpster or through other methods), thieves have requested credit reports on victims, posing as a potential landlord or employer, then used that information to make purchases on the existing credit cards or obtain more credit.

The use of a check, credit or debit card may be an opportunity for someone to steal the account information. A common technique is shoulder surfing: standing next to the victim in a checkout line and reading the name, account number and possibly Social Security from a check while the victim writes it, or memorizing the victim’s PIN as she punches it in. Thieves have set up cameras to videotape ATMs and record the PINS of potential victims. Waiters in restaurants have used scanners, electronic devices that reads the credit card’s account number and cardholder’s name, to store that information before returning the card to the customer.

The Internet is used for acquiring personal information in various ways. Carders can hack into databases of companies and download the necessary personal information about customers or employees then sell that information to those who will either use it or sell it to those who will. One hacker downloaded 350,000 credit card numbers from a website of a company selling CDs and demanded $100,000 not to post the numbers on the Internet. When the company refused to pay, he posted them and 25,000 numbers were downloaded before the site was shut down.

A recent method of obtaining personal data gets it from the victim. In phishing, the victim receives an email from what appears to be a legitimate company that they may have done business with in the past (such as, Best Buy, AOL, or PayPal) saying that because of security concerns, the company needs to verify their account information on the company webpage. The person clicks on that link and is taken to what appears to be a legitimate page where spaces are provided for name, address, credit card number, Social Security number and other information. The page was created by the phisher, who then uses the information to open other accounts and charge purchases on the victims’ accounts or sell the information.

Regardless of how the information is acquired, the next step is usually either for the thief to use it for whatever purpose he or she wants (credit card purchases, declaring bankruptcy, giving false identity to police if arrested) or to sell it to traffickers, who re-sell the information or documents to someone who wants to use it.
In 2003, Congress passed and the President signed the Fair and Accurate Transactions Act (“FACTA”) to assist in the prevention of identity theft and credit and debit card fraud. In the statement provided by the President during the signing of the bill, the President declared that:

This bill also confronts the problem of identity theft. A growing number of Americans are victimized by criminals who assume their identities and cause havoc in their financial affairs. With this legislation, the Federal Government is protecting our citizens by taking the offensive against identity theft.